1.0 Context Setting
Trade and commerce operate for profits. Their own business Dharma and compliance with a few statutory requirements keep them going. Banks are also in business, but they deal with money, and that too the public's. Trust from their constituents is the main factor that keeps them going. Trust takes a long time to build but can crash quickly in adverse situations. Recent examples are Yes Bank, PMC Bank and CKP Co-op Bank.
Hence additional ring-fencing is required, and this is where regulations kick in. As you know, regulations are more stringent than statutes, and violations involve ‘name and shame’ as well, along with heavy fines and no appeal.
Hence, ‘Compliance’ in the banking context assumes huge importance as it impacts the reputation and economic growth of a country. We will discuss the present state of affairs of the compliance culture in Banks in India and remedial steps in this article.
2.0 What is Compliance?
The Basel Committee on Banking Supervision (BCBS) paper defines Compliance risk as “the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards, and codes of conduct applicable to its banking activities”.
2.1 What are the risks involved in Non-compliance?
For a financial institution, the risks are wide, varied and sensitive if violations happen. The conventional matrix of risks involved is depicted in the diagram below.
2.1.1 Risk in Digital Banking Scenario
Digital Banking is now happening in a big way and has added a new set of risks, as below.
Compliance culture has become more important in the era of digital banking because, in technology-driven banking, many potential dangers have become active, such as:
1) Confidentiality breach (Confidential data being stolen)
2) Availability breach (Systems are intact, but services are unavailable), and
3) Integrity breach (corruption of data or systems affecting the integrity of information and processing methods)
4) New challenges after the arrival of Cryptocurrency, quantum computing and open banking.
In the field of digital banking, resolving all such errors and challenges at the primary level is part of the compliance culture.
2.2 Conventional Risk Matrix
- Business/Strategic risk
- Compliance risk
- Credit risk
- Cybersecurity Risk
- Liquidity risk
- Market risk
- Moral hazard
- Open Banking Risk
- Operational risk
- Reputational risk
- Systemic risk
2.3 All Pervasive Factor
Compliance encompasses all activities of the Bank like:
- Estate matters
- Infrastructure and
- Cross border Banking
In fact, every activity of the Bank has an SOP, either internally made and/or externally monitored.
2.4 Architecture of Compliance set up
Broadly, we can classify them into seven silos:
- a) Regulatory Bodies
- b) Statutory Bodies
- c) Other Agencies/ Apex Bodies
- d) Internal rules
- e) Public
- f) Business Ethics
- g) Cultural/Moral mosaic
2.4.1 Regulatory Bodies and their Powers
We present below the Seven Super monitors/controllers of the Banks:
- Reserve Bank of India (RBI)
- Insurance Regulatory & Development Authority of India (IRDAI)
- Securities Exchange Board of India (SEBI)
- Provident Fund Regulatory & Development Authority of India (PFRDA)
- Fixed Income Money Market & Derivatives Association of India (FIMMDA)
- Insolvency & Bankruptcy Board of India (IBBI)
- Ministry of Finance, Government of India (MOF)
2.4.2 What is Regulation?
Regulations are superior to statutes in the following ways:
- Vested with licensing powers and can cancel/suspend the business activities.
- The Circulars have legal effect.
- Have the power to Audit, Inspect and seek data
- Appoint/remove CMD/MD/CEO/ED/DMD/OSD and Nominee Director in PSU Banks (MOF/RBI)
- Call for ongoing control reports of Business
- Can suo motu initiate action
- Levy fines/penalties
- All Policy Directions flow from them and Business Decisions are monitored with Checks and Balances
One can dwell at length on the monitoring and controlling role of all the regulators but a broad sweep of RBI’s regulatory role is central to Banks’ compliance portfolio. We will look at the areas of supervision by RBI.
2.4.3 Role of RBI as a regulator
Main Areas of Regulation are:
- Licensing & Network expansion
- Financial Supervision
- Payment & Settlement system
- Foreign exchange
- Policy rates/Reserve Ratios
- Cross Border Banking
- Prudential norms
- Assets classification
- KYC Policy Implementation
- Data Dissemination
- Corporate Governance
Thus, all areas of Banking activities come under the constant scrutiny of RBI.
2.4.4 Statutory Compliance
As a legal entity Banks are also subject to the provisions of various laws of the land. A list of laws of the land the Banks will have to reckon with is furnished below:
|RBI Act, 1934||BR Act, 1949||FEMA 1999|
|Income Tax Act, 1961||PMLA 2002||Shops Establishment Act (State)|
|Companies Act, 2015||DICGC Act, 1961||Indian Partnership Act, 1932|
|MSMED Act, 2006||Bankers Book Evidence Act, 1981||The Essential Services Maintenance Act, 1968|
|Right To Information Act, 2005||COPRA 1986||Criminal Procedure Code 1973|
|Civil procedure Code 1908||Majority Act 1875||Personal laws|
|Indian Stamp Act, 1899||Indian Contract Act, 1872||FATCA 2010|
|Credit Information Company Act, 2005 (CIBIL)||Information Technology Act, 2000||NI Act, 2015 (Amended)|
|Sale of Goods Act, 1930||Insurance Act, 1938||Payment of Bonus Act, 1965|
|Competition Act, 2002||Limited liability Act, 2008||Payment of Gratuity Act, 1972|
|Industrial Disputes Act, 1946||General Law||GST Act, 2017|
|Payment & Settlement Act, 2015||Standards & Weight Measurement Act, 1956||Insolvency & Bankruptcy Code 2016|
|Indian Trusts Act, 1982||Powers of Attorney Act, 1882||SOX Act, 2002|
|Employees Provident Fund Act, 1952||Trade Union Act, 1926||Transfer of Property Act, 1882|
All these laws impinge on the functioning of the Banks on a day-to-day basis.
2.4.5 Compliance to Other Agencies /Apex bodies
Besides the above, there are a number of Apex bodies created by statute. Banks need to abide by their guidelines to get assistance/finance/avail their services.
|Refinance Agencies||Advisory/Audit agencies||Credit Agencies||Payment Agencies||Recovery Agencies|
|NHB||BCSBI||CGTMSE||OLTAS(Online Tax Accounting System)||DRT|
|ISO||Foreign Trade Policy 2015-20|
All of us are aware of the role these agencies play in ensuring that Banks fall into compliance mode to seek their assistance/help.
2.4.5 Internal rules
All banks have evolved Standard Operating Procedures (SOPs), besides audit/inspection procedures, for all the activities in the Bank.
They are in the form of Instruction Manuals, Circulars, Memos, Code of Conduct rules, newsletters, job cards and in-house magazines.
2.4.6 Public at large
Public, especially the customers, are also made aware of these rules and mutual obligations through various methods as under:
- Through rules of business printed in the chequebook and Passbook flaps
- Press releases
- Code of Bank’s commitments to customers Book displayed in the banking hall
- Mandatory Notices as per RBI directives displayed in the banking hall
- Information boards regarding customer grievances mechanism
- In account opening forms, in the form of terms and conditions
- In all legal Documents like deeds, agreements
- Through emails/mails and other digital modes of Communication
- Other publications/materials
- TAT norms
There are two implications in involving the public.
- Banks put themselves under scrutiny with the public for compliance.
- The public at large become watchdogs for the good governance of the Bank at grass root levels.
2.4.7 Business Ethics
All Banks bind themselves to a set of principles and document the same in various ways to make the staff aware of the compliance culture. Some of them are listed here:
- Mission and vision statement
- Corporate loan policy
- Logos and tagline
- Customer-first approach policy document
- CSR activities
All these give a sense of direction and purpose to the staff to be in compliance mode at all times.
2.4.8 Moral/Ethics Mosaic
Compliance has the underpinnings of the moral and ethical principles espoused by the top management of the banks. The policies they evolve show the moral compass of the bank to the staff and help a proper culture set in.
Some examples will illustrate the point:
- Some of the banks shun opening of branches in rural places thus depriving the population of benefits of financial Inclusion. They value profit more than meeting social objectives.
- There are Banks in India who:
  - want to distribute profits more to shareholders than add to reserves
  - go slow on CAPEX, including for Technology
  - understate NPAs and under-provide on prudential norms
  - promote tainted/non-performing staff
  - go for corporate loans more than for retail business
  - give ESOP to staff, and some do not
  - will not tolerate acts of dishonesty by the staff
These kinds of actions set the compliance climate of the bank.
Stark examples of dishonesty at the top emerged recently in the cases of Yes Bank and PMC Bank. In one case, the promoter pledged his shares and thereby withdrew his stake. He further made money by selling his shares in the open market when the stock price was high, knowing that the Bank would land in distress. In the other case, money was allowed to be swindled by the HDIL promoter through the creation of 21049 fake accounts to hide his 44 bad loans.
3.0 Causative factors that lead to compliance slippages
There are many contributory factors for poor standards of compliance apart from the lack of integrity illustrated above. We will endeavour to identify some of them below:
- Poor/outdated systems and Procedures
- Aggressive growth style
- Low sensitivity amongst staff
- Suppressing incident reporting
- Poor Audit system and poor choice of Audit personnel
- Ineffective technology
- Poor accountability culture
- Frauds perpetrated from internal and external sources
- Poor communication flow from top to line staff
3.1 Fraud as the main element in Compliance slippage
An analysis of frauds that happened in 2015-20 indicated the vulnerable areas. They are listed below:
- Money Laundering
- Black money sent abroad
- Debit/Credit Card frauds
- Fake Demat accounts
- Benami accounts
- Forged Stamp papers
- KYC Violations
- KYC frauds
- KYC Updating
- Identity Theft
In the past 2 years, many banks have incurred heavy losses due to frauds inflicted on them. The following examples are fresh in our minds:
|Bank||Loss due to Fraud(Rs in crores)|
|PMC Bank, Pune (HDIL)||4,350|
|PNB (Nirav Modi)||13,700|
|CKP Coop Bank, Mumbai||500|
|Guru Raghavendra Sahakara Bank, Bangalore||350|
- It will be shocking to know that in the past 5 years, Urban co-op banks reported about 1000 cases worth more than Rs 220 crores
- During April-September 2019 frauds in PSBs involved Rs 95,760 crores
- In FY 2018-19 it was Rs 71,500 crores involving 6,800 cases
- In Rotomac Pen case, 7 banks have lost Rs 3,695 crores in fraud
- In the Kanishka Gold Private Limited case, 14 Banks have lost Rs 824 crores
In all the above, complicity and greed from inside the Bank helped the fraudsters.
3.2 Tech frauds
This is a new phenomenon where the fraudster operates anonymously and from outside.
Timely detection is a challenge and the possibility of recovery is nil. Analysis has revealed that the top 3 technology-related frauds happen through:
- Identity fraud
3.3 KYC violations detected by RBI
KYC violations happen regularly in Banks, going by press reports of RBI levying fines on errant banks.
In a period of 7 months alone, from January to July 2019, RBI detected 70 cases of violations and collected fines of Rs 122.9 crores.
Practically all Banks in India figure in KYC violations.
Laxity in the due diligence of KYC procedures paves the way for later frauds and money laundering.
3.4 What are the hindering factors for good compliance?
We have seen from the foregoing that Banks have to cater to a huge number of regulatory operators and statutory authorities, who often lack a coordinated approach. They operate in silos and no effective/corrective guidance is obtained. This has to be thought over.
Similarly, separate departments in the Bank use different and disparate data sets and varying processes for risk reporting and risk assessment. So, convergence is lacking.
Banks operate various digital channels like websites, social media, mobile apps, search engines and more, but lack the tech capabilities to track all of them at one point to identify policy violations and risk events. A single testing platform needs to be built to overcome this deficiency.
Radical changes need to be made in the Information Technology Act to facilitate a better compliance regime. Such changes need to be synchronized with other laws too.
I will quote a simple example. Presently, only a sub-inspector can arrest a cyber-fraud criminal. The window to arrest him is itself small, as he is often not at the scene of the crime, and a sub-inspector chasing him is impracticable.
3.5 Way Forward
- Seminal changes are to be made for the integration of the compliance architecture internally and at external agencies.
- Though a General Manager is posted as the pointsman, he is not equipped to handle issues relating to cybercrimes. Good training is to be put in place and a tech-savvy team allotted to him.
- One-third of the total weightage is to be allocated to the compliance portfolio in all promotion processes for all cadres in the Banks.
- Young and tech-savvy managers are to be chosen to do internal audit/inspection. Presently, it is meant for pre-retirement/punishment posting in many banks.
- Regulators should walk the extra mile beyond levying fines and applying moratorium by taking quick preventive steps.
4.0 End note
The present state of poor compliance culture has manifested in huge NPAs and galloping cybercrimes in Banks today. Banks are the engines of economic growth for our country and they need to be in robust health. India is poised to build big banks to take on international competition. Hence, good compliance should be an important and urgent priority.
About the Author
Venkataraman is a senior professor at Manipal Global Academy of BFSI. He is a multi-talented person: a banker, an advocate and a faculty member in many educational institutions. He retired as an executive from Canara Bank after serving the bank in various managerial capacities for 34 years.
Prof. Venkataraman holds an MBA in HR and an LLM, besides many certifications and membership in the Karnataka Bar Association. He is a faculty member at ICAI, Bengaluru, conducts online classes for business administration students of Sikkim Manipal University and is a viva panel member in four universities. He also works as an IPR consultant. Venkataraman has been working with Manipal since 2011.